Bitcoin Forum
Author Topic: re-use of addresses  (Read 5462 times)
DeathAndTaxes
May 08, 2014, 03:07:44 AM
 #101

With a self signed cert say you got a cert claiming to be your bank.  How do you know it was your bank which created it?
Easy, your bank mails out their Certificate hash; and posts a copy of the cert (with hash) in local branches in the case of key rotation.
Easy?  So when you get mail from "your bank" how do you know it is from "your bank".  Blind trust?

Quote
With the CA system, you are blindly accepting the "self-signed" CA cert anyway if your browser does not recognize the CA authority your bank is using. I tried calling one of my parents' banks after such a warning. I was told to just trust the HTTP re-direct because the bank actually uses many different certs (and they did not know which signature to read over the phone).

IMO, giving dire warnings for self-signed certs, but not HTTP sites is a design flaw.

I agree and you will get no complaints from me on CA being the weak link, but it is a very hard problem to solve on a mass scale and for non tech savvy users.
phillipsjk
May 08, 2014, 03:18:37 AM
 #102


Easy?  So when you get mail from "your bank" how do you know it is from "your bank".  Blind trust?


Custom-printed letter-head essentially. Elections Canada accepts that as proof-of-residence; but not self-printed e-billing statements. If in doubt, there is always the copy at the local branch. Of course that has the same problem. You know a local branch is "real" because they have a large sign that costs some amount of money to make. I have heard that banks traditionally use a lot of stone in their architecture so that you know they can't easily move locations on you.

James' OpenPGP public key fingerprint: EB14 9E5B F80C 1F2D 3EBE  0A2F B3DE 81FF 7B9D 5160
DeathAndTaxes
May 08, 2014, 04:10:30 AM
 #103

How would a customer know the difference between a valid and invalid custom letter head?  As far as driving to the bank to verify all cert changes, I never said high security systems were impossible; I said "it is a very hard problem to solve on a mass scale and for non tech savvy users".  You don't honestly think even 1 in 100,000 users are going to drive to their local bank to verify a long hex signature in the cert matches the one they are getting online, do you?

You really believe under such a system there would be less phishing and spoofing than with using CAs?  CA is a flawed system but given the realities of mass use by non experts it is the least flawed system we have.
jonald_fyookball (OP)
May 08, 2014, 04:15:56 AM
 #104

my bank has some pretty good online protocols/procedures.

You first have to enter your username separately,
and then you are shown a security image
that you previously picked, like a mushroom or
a banana or something.

and only THEN do you enter your password.

Certainly not foolproof (the bank might show
no image at all and user forgets about it),
but this system lets you know you're talking
to the bank website rather than being phished.

phillipsjk
May 08, 2014, 05:19:31 AM
Last edit: May 08, 2014, 05:37:52 AM by phillipsjk
 #105

You really believe under such a system there would be less phishing and spoofing than with using CAs?  CA is a flawed system but given the realities of mass use by non experts it is the least flawed system we have.

To be honest I don't know, but it would be hard to imagine things even more insecure.

I know without CAs, encryption would be fairly ubiquitous. That would make passive surveillance harder; but would not stop phishing. Browsers can limit the scope of spoofing by actually storing certificates and warning the user when they are changed: though after Heartbleed, "Certificate Patrol" has been noisy of late.

Incidentally, many Bitcoin websites use Cloudflare. Cloudflare works by performing a man-in-the-middle attack on the websites under "protection". If a hostile government (such as the US) instructs Cloudflare to attack a website; I am not sure they would say "no".

As of this writing, cryptothrift.com shares a cert with the following websites:
Code:
DNS Name: ssl2250.cloudflare.com
DNS Name: cryptothrift.com
DNS Name: *.photodeals.com.au
DNS Name: *.chapmaninstitute.net
DNS Name: *.smsassembly.com
DNS Name: nicabet.com
DNS Name: chapmaninstitute.net
DNS Name: *.eastmon.com.au
DNS Name: *.nicabet.com
DNS Name: miniboxphoto.com
DNS Name: eastmon.com.au
DNS Name: preferredgarcinia.com
DNS Name: *.miniboxphoto.com
DNS Name: fighthub.international
DNS Name: *.fighthub.international
DNS Name: makeupandbeauty.com
DNS Name: *.pcdashboard.net
DNS Name: *.gardenatics.co.uk
DNS Name: *.makeupandbeauty.com
DNS Name: smsassembly.com
DNS Name: *.cryptothrift.com
DNS Name: *.bubblepix.com.au
DNS Name: photodeals.com.au
DNS Name: bubblepix.com.au
DNS Name: pcdashboard.net
DNS Name: *.preferredgarcinia.com
DNS Name: indespensablegarcinia.com
DNS Name: gardenatics.co.uk
DNS Name: *.indespensablegarcinia.com

Somehow bitmit.net got a green verified cloudflare cert before they went down.

Quote
my bank has some pretty good online protocols/procedures.

You first have to enter your username separately,
and then you are shown a security image
that you previously picked, like a mushroom or
a banana or something.

and only THEN do you enter your password.
My bank does the same thing. If you mistype your user-name, it asks for your password before presenting you with the "security image" though. I suspect those are mainly "security theatre" to make you think the site is secure.



But this is all off-topic :/


James' OpenPGP public key fingerprint: EB14 9E5B F80C 1F2D 3EBE  0A2F B3DE 81FF 7B9D 5160
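
The store-and-warn approach mentioned in the post above (keeping each site's certificate and flagging changes), sketched as an added example that is not part of the original post and is not Certificate Patrol's code. The class and method names, the 30-day renewal window, and the placeholder certificate bytes are assumptions made for illustration.

```python
import hashlib
from datetime import date, timedelta

RENEWAL_WINDOW = timedelta(days=30)  # assumed threshold, not taken from the thread


class PinStore:
    """Trust-on-first-use store: host -> (SHA-256 of cert bytes, expiry date)."""

    def __init__(self):
        self.pins = {}

    def check(self, host, cert_der, not_after, today):
        fp = hashlib.sha256(cert_der).hexdigest()
        known = self.pins.get(host)
        if known is None:
            self.pins[host] = (fp, not_after)  # nothing to compare against yet
            return "first-use"
        old_fp, old_expiry = known
        if fp == old_fp:
            return "match"
        # Certificate changed. The pin is NOT updated here; the user must accept.
        if old_expiry - today <= RENEWAL_WINDOW:
            return "changed-near-expiry"  # plausible routine renewal
        return "changed-early"  # old cert still had plenty of life left

    def accept(self, host, cert_der, not_after):
        self.pins[host] = (hashlib.sha256(cert_der).hexdigest(), not_after)


def demo():
    # Constructed placeholder bytes standing in for DER-encoded certificates.
    cert_a, cert_b, cert_c = b"constructed-A", b"constructed-B", b"constructed-C"
    host, store, results = "bank.example", PinStore(), []
    results.append(store.check(host, cert_a, date(2015, 1, 1), date(2014, 5, 1)))
    results.append(store.check(host, cert_a, date(2015, 1, 1), date(2014, 5, 2)))
    # Reissued months before expiry (e.g. mass re-keying): the loud case.
    results.append(store.check(host, cert_b, date(2015, 6, 1), date(2014, 5, 8)))
    # Still unaccepted, so the warning repeats on the next visit.
    results.append(store.check(host, cert_b, date(2015, 6, 1), date(2014, 5, 9)))
    store.accept(host, cert_b, date(2015, 6, 1))
    # Replacement twelve days before the pinned cert expires: quieter case.
    results.append(store.check(host, cert_c, date(2016, 6, 1), date(2015, 5, 20)))
    return results


if __name__ == "__main__":
    print(demo())
```

The "first-use" result is the weak point of this design: the first certificate seen is pinned without any independent check, which is the same blind-trust question raised earlier in the thread.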
jonald_fyookball (OP)
May 08, 2014, 05:21:59 AM
 #106

Yes it is off-topic and I apologize.  I am partially to blame
for starting to talk about ssl certs. 

I would also rather talk about Bitcoin addresses and
ECDSA :)

Stephen Gornick
May 09, 2014, 05:32:59 AM
 #107

I still don't get how a dozen people sending to a single address of mine is protecting their privacy better than if I provide one address per transaction.

More explanation.
 - http://trilema.com/2014/why-exactly-reusing-bitcoin-addresses-strengthens-bitcoin-user-anonimity

If a hosted (shared) E-Wallet is used (e.g., like at most exchanges) I don't see any relevance to Mircea's argument.  Even when an E-Wallet isn't used, I'm struggling to grasp the benefit from his approach.


Brangdon
May 11, 2014, 02:12:18 PM
 #108

I would never say address re-use should never occur.  Also for a small amount of funds the risk (and potential loss) is minimal.  Sometimes accepting lower security is an acceptable option.  The important part is making an informed decision.
I've been learning about Nxt recently. That protocol always exposes public keys (and reuses addresses). They just didn't think it was worth worrying about at all.

Bitcoin: 1BrangfWu2YGJ8W6xNM7u66K4YNj2mie3t Nxt: NXT-XZQ9-GRW7-7STD-ES4DB
Peter R
May 11, 2014, 04:16:06 PM
 #109

I would never say address re-use should never occur.  Also for a small amount of funds the risk (and potential loss) is minimal.  Sometimes accepting lower security is an acceptable option.  The important part is making an informed decision.
I've been learning about Nxt recently. That protocol always exposes public keys (and reuses addresses). They just didn't think it was worth worrying about at all.

This hints at another reason alt-coins are unappealing.  Bitcoin has been brutally beaten for over 4 years and has grown in spite of this.  The amount of energy spent trying to exploit weaknesses has forced us to recognize what those weaknesses are and begin dealing with them appropriately.

Imagine an alternate universe where NxT suddenly had the same market-cap and usage as bitcoin.  All sorts of problems would start to emerge.  And because NxT isn't a bitcoin clone, it would be a completely new set of problems that we would not be prepared for.  We were forced to take that risk with bitcoin because it was the first, but why would we want to debug another cryptocurrency payment system if it wasn't necessary?

Run Bitcoin Unlimited (www.bitcoinunlimited.info)
Brangdon
May 11, 2014, 05:15:51 PM
 #110

Imagine an alternate universe where NxT suddenly had the same market-cap and usage as bitcoin.  All sorts of problems would start to emerge.  And because NxT isn't a bitcoin clone, it would be a completely new set of problems that we would not be prepared for.
True. On the other hand, the issues around key length and exposing public keys are well-known. If Nxt has problems, it probably isn't there.

Quote
We were forced to take that risk with bitcoin because it was the first, but why would we want to debug another cryptocurrency payment system if it wasn't necessary?
It is necessary if there's to be progress and innovation in the space of core crypto-currency protocols. Bitcoin itself innovates slowly, if at all, because its devs are rightly very conservative. I think coins that are very different to Bitcoin, like Nxt, are more worthy of our time than the clones, even if we're more confident the clones are technically secure.

Bitcoin: 1BrangfWu2YGJ8W6xNM7u66K4YNj2mie3t Nxt: NXT-XZQ9-GRW7-7STD-ES4DB